08-29-2011 12:54 PM - edited 03-04-2019 01:26 PM
I have an 877 with IOS 12.4
I have problems natting certain ports to an internal server.
The NAT table looks like this. None of the ports to IPs 10.0.0.252 and 10.0.0.254 seem to be forwarded (all http traffic)
the other nat routings work.
when I am on the internal network then these IPs accept http traffic on these ports - both are Synology servers
Could there be any settings I have to check?
Thanks in advance, Jozef
interface Vlan1
description internal network
ip address 10.0.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Vlan2
description WAN/Guest
ip address 192.168.1.2 255.255.255.0
ip access-group wan in
ip nat outside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool public 10.0.0.0 10.0.0.255 netmask 255.255.255.0
ip nat inside source list 1 interface Vlan2 overload
ip nat inside source static tcp 10.0.0.14 55752 interface Vlan2 55752
ip nat inside source static tcp 10.0.0.14 55753 interface Vlan2 55753
ip nat inside source static tcp 10.0.0.171 1171 interface Vlan2 1171
ip nat inside source static tcp 10.0.0.173 1173 interface Vlan2 1173
ip nat inside source static tcp 10.0.0.174 1174 interface Vlan2 1174
ip nat inside source static tcp 10.0.0.175 1175 interface Vlan2 1175
ip nat inside source static tcp 10.0.0.176 1176 interface Vlan2 1176
ip nat inside source static tcp 10.0.0.14 3389 interface Vlan2 3389
ip nat inside source static tcp 10.0.0.254 20 interface Vlan2 20
ip nat inside source static tcp 10.0.0.254 21 interface Vlan2 21
ip nat inside source static tcp 10.0.0.254 80 interface Vlan2 5000
ip nat inside source static tcp 10.0.0.254 7000 interface Vlan2 7000
ip nat inside source static tcp 10.0.0.172 1172 interface Vlan2 1172
ip nat inside source static tcp 10.0.0.177 1177 interface Vlan2 1177
ip nat inside source static tcp 10.0.0.254 8080 interface Vlan2 8080
ip nat inside source static tcp 10.0.0.15 3389 interface Vlan2 3390
ip nat inside source static tcp 10.0.0.254 4001 interface Vlan2 4001
ip nat inside source static tcp 10.0.0.129 1060 interface Vlan2 1060
ip nat inside source static tcp 10.0.0.254 5000 interface Vlan2 4000
09-06-2011 09:49 PM
Hi,
Does anything show with a
debug ip nat
when you hit the ports from VLAN 2? Also, do you have 10.0.0.252 and 10.0.0.254 blocked from VLAN 2 with the "wan" access list?
Mike Burr
09-07-2011 09:39 AM
Hi Michael,
Thanks for your time!
Is this what you wanted?
!
ip access-list extended wan
permit icmp 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255
permit ip any any
!
the IP debug is like this:
(explanation: my global IP = 77.215.248.9
212.242.40.51 and 212.242.40.3 are DNS servers)
010032: .Sep 7 17:32:12.850 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.1
10.20 [25254]
010033: .Sep 7 17:32:12.854 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.1
10.20 [25255]
010034: .Sep 7 17:32:12.854 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.1
10.20 [25256]
010035: .Sep 7 17:32:12.862 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [4611]
010036: .Sep 7 17:32:12.866 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [4612]
010037: .Sep 7 17:32:12.866 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [25257]
010038: .Sep 7 17:32:13.154 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [4613]
010039: .Sep 7 17:32:13.350 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [4614]
010040: .Sep 7 17:32:13.358 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [25258]
010041: .Sep 7 17:32:13.646 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [4615]
010042: .Sep 7 17:32:14.622 PCTime: NAT: s=77.215.248.9, d=192.168.1.2->10.0.0.254 [31707]
010043: .Sep 7 17:32:14.706 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.3 [56025]
010044: .Sep 7 17:32:14.718 PCTime: NAT: s=212.242.40.3, d=192.168.1.2->10.0.0.175 [27269]
010045: .Sep 7 17:32:14.734 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.51 [56028]
010046: .Sep 7 17:32:14.746 PCTime: NAT: s=212.242.40.51, d=192.168.1.2->10.0.0.175 [55584]
010047: .Sep 7 17:32:14.810 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.3 [56035]
010048: .Sep 7 17:32:14.826 PCTime: NAT: s=212.242.40.3, d=192.168.1.2->10.0.0.175 [27722]
010049: .Sep 7 17:32:14.834 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.51 [56038]
010050: .Sep 7 17:32:14.846 PCTime: NAT: s=212.242.40.51, d=192.168.1.2->10.0.0.175 [55895]
010051: .Sep 7 17:32:14.866 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.3 [56041]
010052: .Sep 7 17:32:14.882 PCTime: NAT: s=212.242.40.3, d=192.168.1.2->10.0.0.175 [27926]
010053: .Sep 7 17:32:14.898 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.51 [56044]
010054: .Sep 7 17:32:14.910 PCTime: NAT: s=212.242.40.51, d=192.168.1.2->10.0.0.175 [56105]
010055: .Sep 7 17:32:14.962 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.3 [56050]
010056: .Sep 7 17:32:14.978 PCTime: NAT: s=212.242.40.3, d=192.168.1.2->10.0.0.175 [28303]
010057: .Sep 7 17:32:14.994 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [37971]
010058: .Sep 7 17:32:15.038 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [0]
010059: .Sep 7 17:32:15.042 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [37972]
010060: .Sep 7 17:32:15.134 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [55470]
010061: .Sep 7 17:32:15.134 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [37973]
010062: .Sep 7 17:32:15.138 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [37974]
010063: .Sep 7 17:32:15.138 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [37975]
010064: .Sep 7 17:32:15.226 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [55471]
010065: .Sep 7 17:32:15.226 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [55472]
010066: .Sep 7 17:32:15.226 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [37976]
010067: .Sep 7 17:32:15.274 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [55473]
010068: .Sep 7 17:32:15.278 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [55474]
010069: .Sep 7 17:32:15.278 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [37977]
010070: .Sep 7 17:32:15.282 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.3 [56082]
010071: .Sep 7 17:32:15.294 PCTime: NAT: s=212.242.40.3, d=192.168.1.2->10.0.0.175 [29657]
010072: .Sep 7 17:32:15.298 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.51 [56084]
010073: .Sep 7 17:32:15.310 PCTime: NAT: s=212.242.40.51, d=192.168.1.2->10.0.0.175 [57331]
010074: .Sep 7 17:32:15.318 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.3 [56086]
010075: .Sep 7 17:32:15.342 PCTime: NAT: s=212.242.40.3, d=192.168.1.2->10.0.0.175 [29834]
010076: .Sep 7 17:32:15.346 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.51 [56089]
010077: .Sep 7 17:32:15.358 PCTime: NAT: s=212.242.40.51, d=192.168.1.2->10.0.0.175 [57489]
010078: .Sep 7 17:32:15.394 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.3 [56094]
010079: .Sep 7 17:32:15.406 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [55475]
010080: .Sep 7 17:32:15.406 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [3852]
010081: .Sep 7 17:32:15.406 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [3853]
010082: .Sep 7 17:32:15.406 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [64508]
010083: .Sep 7 17:32:15.406 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [64509]
010084: .Sep 7 17:32:15.426 PCTime: NAT: s=212.242.40.3, d=192.168.1.2->10.0.0.175 [30225]
010085: .Sep 7 17:32:15.442 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.51 [56099]
010086: .Sep 7 17:32:15.454 PCTime: NAT: s=212.242.40.51, d=192.168.1.2->10.0.0.175 [57819]
010087: .Sep 7 17:32:15.462 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.3 [56100]
010088: .Sep 7 17:32:15.502 PCTime: NAT: s=212.242.40.3, d=192.168.1.2->10.0.0.175 [30563]
010089: .Sep 7 17:32:15.506 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [8253]
010090: .Sep 7 17:32:15.666 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [3854]
010091: .Sep 7 17:32:15.666 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [64510]
010092: .Sep 7 17:32:15.754 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [0]
010093: .Sep 7 17:32:15.754 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [8254]
010094: .Sep 7 17:32:15.930 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [21216]
010095: .Sep 7 17:32:15.930 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [21217]
010096: .Sep 7 17:32:15.930 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [36391]
010097: .Sep 7 17:32:15.934 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [64511]
010098: .Sep 7 17:32:15.934 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [64512]
010099: .Sep 7 17:32:15.934 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [8255]
010100: .Sep 7 17:32:15.934 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [8256]
010101: .Sep 7 17:32:15.938 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [8257]
010102: .Sep 7 17:32:16.106 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [36393]
010103: .Sep 7 17:32:16.110 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [36392]
010104: .Sep 7 17:32:16.110 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [8258]
010105: .Sep 7 17:32:16.294 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [60812]
010106: .Sep 7 17:32:16.298 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [60813]
010107: .Sep 7 17:32:16.298 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [36394]
010108: .Sep 7 17:32:16.298 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [64514]
010109: .Sep 7 17:32:16.298 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [64515]
010110: .Sep 7 17:32:17.106 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [36395]
010111: .Sep 7 17:32:17.106 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [8259]
010112: .Sep 7 17:32:17.158 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [36396]
010113: .Sep 7 17:32:17.618 PCTime: NAT: s=77.215.248.9, d=192.168.1.2->10.0.0.254 [31723]
010114: .Sep 7 17:32:17.958 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.3 [56350]
010115: .Sep 7 17:32:17.982 PCTime: NAT: s=212.242.40.3, d=192.168.1.2->10.0.0.175 [42110]
010116: .Sep 7 17:32:18.022 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.51 [56357]
010117: .Sep 7 17:32:18.034 PCTime: NAT: s=212.242.40.51, d=192.168.1.2->10.0.0.175 [839]
010118: .Sep 7 17:32:18.038 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.3 [56358]
010119: .Sep 7 17:32:18.054 PCTime: NAT: s=212.242.40.3, d=192.168.1.2->10.0.0.175 [42443]
010120: .Sep 7 17:32:18.054 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.51 [56360]
010121: .Sep 7 17:32:18.070 PCTime: NAT: s=212.242.40.51, d=192.168.1.2->10.0.0.175 [953]
010122: .Sep 7 17:32:18.074 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.3 [56362]
010123: .Sep 7 17:32:18.074 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [4616]
010124: .Sep 7 17:32:18.074 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [64516]
010125: .Sep 7 17:32:18.086 PCTime: NAT: s=212.242.40.3, d=192.168.1.2->10.0.0.175 [42586]
010126: .Sep 7 17:32:18.090 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.51 [56363]
010127: .Sep 7 17:32:18.102 PCTime: NAT: s=212.242.40.51, d=192.168.1.2->10.0.0.175 [1066]
010128: .Sep 7 17:32:18.106 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.3 [56365]
010129: .Sep 7 17:32:18.118 PCTime: NAT: s=212.242.40.3, d=192.168.1.2->10.0.0.175 [42728]
010130: .Sep 7 17:32:18.130 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [34418]
010131: .Sep 7 17:32:18.242 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [4617]
010132: .Sep 7 17:32:18.246 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [64517]
010133: .Sep 7 17:32:19.390 PCTime: NAT*: s=10.0.0.158->192.168.1.2, d=212.242.40.206 [21948]
010134: .Sep 7 17:32:19.474 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [55476]
010135: .Sep 7 17:32:19.474 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [55477]
010136: .Sep 7 17:32:19.474 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [64518]
010137: .Sep 7 17:32:19.474 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [64519]
010138: .Sep 7 17:32:21.123 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [34419]
010139: .Sep 7 17:32:21.135 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [0]
010140: .Sep 7 17:32:21.135 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [34420]
010141: .Sep 7 17:32:21.147 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [50237]
010142: .Sep 7 17:32:21.147 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [34421]
010143: .Sep 7 17:32:21.151 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [34422]
010144: .Sep 7 17:32:21.155 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [34423]no
010145: .Sep 7 17:32:21.163 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [50238]
010146: .Sep 7 17:32:21.163 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [50239]
010147: .Sep 7 17:32:21.167 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [34424]
010148: .Sep 7 17:32:21.279 PCTime: NAT: expiring 192.168.1.2 (10.0.0.175) tcp3674 (3674)
010149: .Sep 7 17:32:21.279 PCTime: NAT: expiring 192.168.1.2 (10.0.0.175) tcp3675 (3675)
010150: .Sep 7 17:32:21.523 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [36397]
010151: .Sep 7 17:32:21.523 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [36398]
010152: .Sep 7 17:32:21.523 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [64520]
010153: .Sep 7 17:32:21.523 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [50240]
010154: .Sep 7 17:32:21.527 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [64521]
010155: .Sep 7 17:32:21.903 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [50241]
010156: .Sep 7 17:32:21.907 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=193.202.110.20 [34425]
010157: .Sep 7 17:32:21.911 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.3 [56745]
010158: .Sep 7 17:32:21.935 PCTime: NAT: s=212.242.40.3, d=192.168.1.2->10.0.0.175 [59330]
010159: .Sep 7 17:32:21.935 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.51 [56748]
010160: .Sep 7 17:32:21.951 PCTime: NAT: s=212.242.40.51, d=192.168.1.2->10.0.0.175 [13192]
010161: .Sep 7 17:32:21.951 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.3 [56750]
010162: .Sep 7 17:32:21.995 PCTime: NAT: s=212.242.40.3, d=192.168.1.2->10.0.0.175 [59550]
010163: .Sep 7 17:32:21.999 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.51 [56754]
010164: .Sep 7 17:32:22.015 PCTime: NAT: s=212.242.40.51, d=192.168.1.2->10.0.0.175 [13400]
010165: .Sep 7 17:32:22.019 PCTime: NAT: s=10.0.0.175->192.168.1.2, d=212.242.40.3 [56756]
010166: .Sep 7 17:32:22.163 PCTime: NAT: s=193.202.110.20, d=192.168.1.2->10.0.0.175 [50242]
010167: .Sep 7 17:32:22.303 PCTime: NAT: expiring 192.168.1.2 (10.0.0.175) tcp3676 (3676)
010168: .Sep 7 17:32:22.303 PCTime: NAT: expiring 192.168.1.2 (10.0.0.175) tcp3677 (3677)
010169: .Sep 7 17:32:23.619 PCTime: NAT: s=77.215.248.9, d=192.168.1.2->10.0.0.254 [31759]
010170: .Sep 7 17:32:24.351 PCTime: NAT: expiring 192.168.1.2 (10.0.0.175) tcp3678 (3678)
09-06-2011 11:35 PM
Hello jozef
Can u post the output of show access-list 1
Sent from Cisco Technical Support iPhone App
09-07-2011 09:21 AM
Thank you. the output is:
routercisco1#show access-list 1
Standard IP access list 1
10 permit 10.0.0.0, wildcard bits 0.0.0.255 (27061979 matches)
routercisco1#debug ip nat
IP NAT debugging is on
routercisco1#
09-07-2011 11:22 PM
OK,
I went ahead and recreated a similar scenario in GNS3, it appears that you aren't NATing the 10.0.0.252 ports. You might want to add some of the ip nat inside source static... entries for the desired ports on the .252 host.
If I do a show ip nat translations, I get:
R1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 192.168.1.2:3389 10.0.0.14:3389 --- ---
tcp 192.168.1.2:55752 10.0.0.14:55752 --- ---
tcp 192.168.1.2:55753 10.0.0.14:55753 --- ---
tcp 192.168.1.2:3390 10.0.0.15:3389 --- ---
tcp 192.168.1.2:1060 10.0.0.129:1060 --- ---
tcp 192.168.1.2:1171 10.0.0.171:1171 --- ---
tcp 192.168.1.2:1172 10.0.0.172:1172 --- ---
tcp 192.168.1.2:1173 10.0.0.173:1173 --- ---
tcp 192.168.1.2:1174 10.0.0.174:1174 --- ---
tcp 192.168.1.2:1175 10.0.0.175:1175 --- ---
tcp 192.168.1.2:1176 10.0.0.176:1176 --- ---
tcp 192.168.1.2:1177 10.0.0.177:1177 --- ---
tcp 192.168.1.2:20 10.0.0.254:20 --- ---
tcp 192.168.1.2:21 10.0.0.254:21 --- ---
tcp 192.168.1.2:5000 10.0.0.254:80 --- ---
tcp 192.168.1.2:4001 10.0.0.254:4001 --- ---
tcp 192.168.1.2:4000 10.0.0.254:5000 --- ---
tcp 192.168.1.2:7000 10.0.0.254:7000 --- ---
tcp 192.168.1.2:8080 10.0.0.254:8080 --- ---
The .254 address appears that it should work,
*Mar 1 00:27:18.347: NAT*: TCP s=57873, d=5000->80
*Mar 1 00:27:18.351: NAT*: s=192.168.1.1, d=192.168.1.2->10.0.0.254 [11865]
*Mar 1 00:27:18.411: NAT*: TCP s=80->5000, d=57873
*Mar 1 00:27:18.411: NAT*: s=10.0.0.254->192.168.1.2, d=192.168.1.1 [45527]
*Mar 1 00:27:18.455: NAT*: TCP s=57873, d=5000->80
*Mar 1 00:27:18.455: NAT*: s=192.168.1.1, d=192.168.1.2->10.0.0.254 [11866]
*Mar 1 00:27:18.475: NAT*: TCP s=57873, d=5000->80
*Mar 1 00:27:18.475: NAT*: s=192.168.1.1, d=192.168.1.2->10.0.0.254 [11867]
*Mar 1 00:27:24.447: NAT*: TCP s=57873, d=5000->80
*Mar 1 00:27:24.451: NAT*: s=192.168.1.1, d=192.168.1.2->10.0.0.254 [11868]
For the debug ip nat output, we can trim it down using an access list (the 192.168.1.1 address is the IP of my "WAN host",
R1(config)#access-list 21 permit 192.168.1.1 0.0.0.0
R1(config)#access-list 21 permit 10.0.0.254 0.0.0.0
R1(config)#exit
*Mar 1 00:30:08.111: %SYS-5-CONFIG_I: Configured from console by console
R1#debug ip nat 21
IP NAT debugging is on for access list 21
R1#
*Mar 1 00:30:18.495: NAT*: TCP s=80->5000, d=57873
*Mar 1 00:30:18.499: NAT*: s=10.0.0.254->192.168.1.2, d=192.168.1.1 [45530]
*Mar 1 00:30:18.559: NAT*: TCP s=57873, d=5000->80
*Mar 1 00:30:18.559: NAT*: s=192.168.1.1, d=192.168.1.2->10.0.0.254 [11871]
What does show ip nat translations show for the .252 and .254 host?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide